Buffer Overrun and Denial of Service in Microsoft FrontPage Server Extensions

A buffer overrun vulnerability exists in the SmartHTML Interpreter (shtml.dll), which ships as part of the Microsoft FrontPage Server Extension (FPSE) package.

Ken Pfeil

September 29, 2002


Reported September 25, 2002, by Microsoft.

VERSIONS AFFECTED

 

· Microsoft SharePoint Team Services 2002

· Microsoft Windows XP (shipped with FrontPage Server Extensions 2000)

· Microsoft Windows 2000 (shipped with FrontPage Server Extensions 2000)

· Microsoft FrontPage Server Extensions 2002

· Microsoft FrontPage Server Extensions 2000

 

DESCRIPTION

 

A buffer overrun vulnerability exists in the SmartHTML Interpreter (shtml.dll), which ships as part of the Microsoft FrontPage Server Extension (FPSE) package. This condition stems from a flaw that an attacker can expose when FPSE processes a request for a particular type of Web file and that request has certain characteristics. The vulnerability affects the two versions, FPSE 2002 and FPSE 2000, differently. With FPSE 2002 and SharePoint Team Services 2002, such a request could cause a buffer overrun, letting an attacker run code of his or her choice. With FPSE 2000, such a request would cause the interpreter to consume most or all CPU availability until you restart the Web service. An attacker could use this vulnerability to conduct a denial of service (DoS) attack against a vulnerable Web server.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-053 (Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution) to address these vulnerabilities, and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Maninder Bharadwaj.
